Menu English (US) Čeština Dansk Deutsch Español (Latinoamérica) Español (España) Suomi Français (Canada) Français (France) हिंदी Magyar Bahasa Indonesia Italiano 日本語 한국어 Bahasa Melayu Nederlands Norsk Polski Português do Brasil Română Русский svenska ไทย Türkçe Українська Tiếng Việt 简体中文 繁體中文

How to Use Reply-To Phishing

Updated:

Created:

Using Reply-To Phishing

With reply-to phishing, you can test your users’ vulnerability to phishing attacks by tracking replies they send to Phishing Security Tests (PSTs) during a phishing campaign. You can download a user’s reply from the KMSAT console and review it to help identify what additional training the user needs. To learn more, see the guide below or watch our Reply-To Phishing video.

 

Jump to:

Setting Up Reply-To Phishing
Downloading Replies
Checking Replies in Your KMSAT Console

 

Setting Up Reply-To Phishing

To enable reply-to phishing, navigate to the Phishing tab in your KMSAT console and click the + Create Phishing Campaign button. From here, scroll down until you see the Track Activity section. 

Fill out the fields in this section. For more information, see the screenshot and list below:

  1. Track Replies to Phishing Emails: You can select this check box to track your user's replies to phishing test emails.
  2. Custom Reply-to Address Domain: This is the email address your users will see when receiving a phishing test email. These email addresses are created automatically, but you can override the default domain by entering a different domain.
  3. Keep reply content for later review: Select this check box to save replies your users send to phishing test emails. The information saved includes text and attachments.
  4. Record out of office replies: Select this check box to count any auto-generated out of office replies to phishing emails as a failure. This setting can be helpful if you’d like to see the information that users include in their out-of-office replies that could be used by cybercriminals. For example, you can see if your users include their work phone number and email address which can be used in targeted phishing attacks. 
Note: If your mail server settings require the return-path header and the reply-to address to match, then you can enable the Overwrite Return-path Address with Reply-to Address option from your Account Settings page. For more information, see our Account Settings Guide.

Back to top 

 

Downloading Replies

You can view your users' replies to see how they interact with the phishing test email. To view replies, follow the steps below: 

  1. Navigate to Phishing > Campaigns.
  2. Click the campaign you want to download responses from.
  3. Inside the campaign’s menu, navigate to Users > Replied.
  4. Inside the Replied tab, navigate to the user whose replies you want to download.
  5. Click the View User’s Replies arrow. 
  6. In the modal that opens, click the Download Raw Email text.

If your user replies multiple times to the same phishing email, we only record the first reply. If your user sends sensitive information that you have to delete, click Delete Reply Content found under Download Raw Email. Deleting your recorded messages will not impact your active phishing campaign.

Back to top

 

Checking Replies in Your KMSAT Console

You can also see whether a user replied to a phishing email without reading their reply. To check replies, navigate to Phishing > Campaign and click the training campaign you want to view. From here, click the Users tab and you will see the Recipients section. A check mark will display under the Replied tab if that user replied to the phishing email.

Back to top

Have more questions? Submit a request

Comments

0 comments

Article is closed for comments.

Related articles